Subject: mainline kernel Posted by xaxaxa on Tue, 26 Nov 2013 20:30:33 GMT View Forum Message <> Reply to Message are there plans to release a mainline-based openvz kernel? My experience has been that mainline kernels tend to be much more stable than rhel kernels. I've encountered a few random freezes/kernel panics in the past with rhel6 (both stock centos rhel6 kernel and openvz rhel6 kernel), and I've always been running the latest stable version. In addition, I find the rhel6 kernel extremely feature-incomplete: * no codel support * virtually no ARM support * incompatible with AUFS and tuxonice patches * VERY buggy btrfs code (I can instantly kernel-panic a rhel6/centos6 system by plugging in and unplugging one of my btrfs usb drives) * no f2fs * incomplete hardware support; the driver for my server's network card is in mainline, but not in rhel6 * no seccomp * no nested pid namespaces, meaning I can't run things like chromium in an openvz container (without a hack) * no tcp fast open * bad numa scheduling The openvz patches has a few issues too, most notably very bad network performance between ve <-> ve, and outside <-> ve (100% cpu usage to only get 50MB/s transfer with simple tcp connection; outside <-> host is fast though); I've tried both venet and veth, and got the same results. so for now, I'm stuck with linux-vserver; I used to use openvz, but over time the kernel issues started to become a huge maintenance burden. Subject: Re: mainline kernel Posted by pavel.odintsov on Wed, 27 Nov 2013 08:31:28 GMT View Forum Message <> Reply to Message Hello, xaxaxa! You can use 3.8+ kernel, almost all features from OpenVZ it has. There are no plans for supporting mainline kernel (information from developers) but in near future we wait release on RHEL7 kernel. P.S. AUFS is so buggy for upstream too. Page 1 of 2 ---- Generated from OpenVZ Forum Subject: Re: mainline kernel Posted by xaxaxa on Wed, 27 Nov 2013 22:29:38 GMT View Forum Message <> Reply to Message is using vzctl with a mainline (3.x) kernel considered secure? if I create a container, is it reasonable to assume root in the container can't break out? Subject: Re: mainline kernel Posted by pavel.odintsov on Thu, 28 Nov 2013 09:22:43 GMT View Forum Message <> Reply to Message I tough it's no secure enough for production use but for internal use it's ok. Page 2 of 2 ---- Generated from OpenVZ Forum.